Avoid injection of a possibly-null string value if thee Valkey cert key doesn't exist (#3055)

2026-05-21 15:21:48 +00:00 · 2026-05-20 16:02:35 -04:00
parent c3f8ec8c85
commit 73725e94fe
2 changed files with 9 additions and 9 deletions
--- a/core/src/main/java/google/registry/cache/CacheModule.java
+++ b/core/src/main/java/google/registry/cache/CacheModule.java
@@ -60,12 +60,15 @@ public final class CacheModule {
  public static Optional<UnifiedJedis> provideJedis(
      @ApplicationDefaultCredential GoogleCredentialsBundle credentialsBundle,
      @Config("valkeyHostsAndPorts") Optional<ImmutableList<String>> valkeyHostsAndPorts,
-      @Config("valkeySslSocketFactory") SSLSocketFactory valkeySslSocketFactory) {
-    if (valkeyHostsAndPorts.map(ImmutableList::isEmpty).orElse(true)) {
+      @Config("valkeyCertificateAuthority") Optional<String> valkeyCertificateAuthority) {
+    if (valkeyHostsAndPorts.map(ImmutableList::isEmpty).orElse(true)
+        || valkeyCertificateAuthority.isEmpty()) {
      return Optional.empty();
    }
    ImmutableSet<HostAndPort> hostsAndPorts =
        valkeyHostsAndPorts.get().stream().map(HostAndPort::from).collect(toImmutableSet());
+    SSLSocketFactory valkeySslSocketFactory =
+        createValkeySslSocketFactory(valkeyCertificateAuthority.get());
    JedisClientConfig clientConfig =
        DefaultJedisClientConfig.builder()
            .ssl(true)
@@ -111,11 +114,7 @@ public final class CacheModule {
    return new MultilayerHostCache(jedisClient.get(), cacheMetrics);
  }

-  @Provides
-  @Singleton
-  @Config("valkeySslSocketFactory")
-  static SSLSocketFactory provideValkeySslSocketFactory(
-      @Config("valkeyCertificateAuthority") String valkeyCertificateAuthority) {
+  private static SSLSocketFactory createValkeySslSocketFactory(String valkeyCertificateAuthority) {
    try {
      ImmutableList<X509Certificate> trustedCerts =
          CertificateFactory.getInstance("X.509")
--- a/core/src/main/java/google/registry/keyring/KeyringModule.java
+++ b/core/src/main/java/google/registry/keyring/KeyringModule.java
@@ -22,6 +22,7 @@ import google.registry.config.RegistryConfig.Config;
 import google.registry.keyring.api.Keyring;
 import google.registry.keyring.secretmanager.SecretManagerKeyring;
 import jakarta.inject.Singleton;
+import java.util.Optional;

 /** Dagger module for {@link Keyring} */
@Module
@@ -55,7 +56,7 @@ public abstract class KeyringModule {

  @Provides
  @Config("valkeyCertificateAuthority")
-  public static String provideValkeyCertificateAuthority(Keyring keyring) {
-    return keyring.getValkeyCertificateAuthority();
+  public static Optional<String> provideValkeyCertificateAuthority(Keyring keyring) {
+    return Optional.ofNullable(keyring.getValkeyCertificateAuthority());
  }
 }